SEBI releases new guidelines to improve cybersecurity framework for stock exchanges. Details here

livemint.com:

SEBI on Tuesday announced new guidelines to strengthen the existing cyber security and cyber resilience framework for Market Infrastructure Institutions like the Stock Exchanges, clearing corporations and depositories. In a release on Tuesday, SEBI said, “With the change in market dynamics in the Indian Securities markets, the interdependence among the MIIs has seen significant increase.

Considering the interconnectedness and interdependency of the MIIs to carry out their functions, the cyber risk of any given MII is no longer limited to the MII’s owned or controlled systems, networks and assets." “Based on the recommendations of the High Powered Steering Committee on Cyber Security of SEBIandin consultation with MIIs, it has been decided to issue guidelines for strengthening the existing cyber security and cyber resilience framework of MIIs." SEBI noted. Under the new guidelines issued by SEBI, Mlls will have to maintain offline, encrypted backups of data and regularly test these backups at least on a quarterly basis in order to ensure confidentiality, integrity and availability.

SEBI further noted that MIIs should explore the possibility of retaining spare hardware in an isolated environment in order to rebuild systems in the event starting their operations from both the Primary Data Centre (PDC) and Disaster Recovery Site (DRS) is not feasible. The capital market regulator also directed that MIIs should regularly conduct business continuity drills in a bid to check the readiness of the organization and the effectiveness of the existing security controls at the ground level to deal with ransomware attacks.